It happened again. Last week, hackers stole 4,700 Bitcoins (over $80 million at todayโs price) from mining marketplace NiceHash.
(The company pairs up people with spare computing power with others who are willing to pay to use that capacity to mine Bitcoin– and then announced they would reimburse users who lost money from the hack.)
On top of that, last month hackers stole $31 million of another cryptocurrency called Tether.
But those are only two recent attacks.
Remember Mt. Gox?
The Bitcoin exchange was founded 2010. By 2013, it was handling around 80% of all Bitcoin transactions.
Then the company halted all trading after โtechnical issuesโ caused 850,000 Bitcoins to go missing.
Those missing coins are worth over $15 billion at todayโs price.
All of the crypto theft making people question the security of Bitcoin and other digital currencies.
But itโs important to remember, in these cases, โBitcoinโ didnโt get hackedโฆ it was the exchanges or marketplaces that got hacked.
This happens almost every day; people unwittingly get their phones and emails hacked and end up losing their cryptocurrency in the process.
It reminds me of the early days of the Internet, back when WiFi was still a new thing and banks were just starting to provide online account access.
Back then, hacks were commonplace. Users didnโt know enough about wireless network security, and banks didnโt have SSL enabledโฆ so hackers could easily โsniffโ data packets and steal bank login details.
Fast forward 10-15 years and all of thatโs changed.
Most people at this point (hopefully) know how to secure their WiFi networks with WPA2 security or better, and banks employ much better security and encryption standards.
But with cryptocurrencies itโs still very Wild West out there, vastly increasing the chances of hacks, cracks, and theft.
Youโd be amazed, for example, how many people use a ridiculously unsecure password like โ123456โ for a website login that stores their Bitcoin secret key.
And even if hackers donโt steal your crypto, thereโs still a chance youโll lose it.
A friend of mine bought some Bitcoin in 2010 and stored it on a laptop. Then he threw the laptop awayโฆ along with all the Bitcoin. And thereโs no way to get it back.
Like just about anything, all it takes is a little bit of education to prevent a major disaster from occurring.
One approach I encourage you to learn about for storing crypto is called โcold storage.โ
Before I define cold storage, a bit of background if youโre unfamiliar with how the public key/private key system works.
A public key is a code available to anyone who trades cryptocurrency with you. A private key is a secret, alphanumeric number never to share with anyone.
Imagine a cryptocurrency public key is your home address. That address is in just about every public database imaginable, from the county clerkโs property registry to the local phone book.
And if you want someone to send you mail, you give them your address. Easy.
But the simple fact that someone has your home address doesnโt give them access to the inside of your house, and the contents within it.
No, for that, theyโll need your house key. And thatโs essentially what your crypto private key is: something that allows only you to access the property.
So: public key = home mailing address, private key = house key.
Clearly it makes sense to safeguard your house key. You wouldnโt make copies and distribute them in public to everyone who walks by.
Similarly it makes sense to safeguard your private key (sometimes called secret key).
When you store your cryptocurrency with an exchange, or even in a web or mobile wallet, it means that some other service or application has control of your private key.
If they get hacked, youโll lose everything. If they go rogue, youโll lose everything.
Iโm always amazed that so many people store crypto in this way.
Part of the benefit of holding crypto is that you can essentially be your own banker, i.e. there is no middle man between you and your savings.
Bottom line, you donโt need some website storing your key online for you. With a bit of education, itโs possible to create your own wallet and store the private key -offline-.
This is whatโs known as cold storage.
Bear in mind that a private key is nothing more than a string of digits, something like
5Kb8kLf9zgWQnogidRq76MzPL6TsZZY36hWXMssSzNydYXYB9KF
If you really wanted you could simply write this down on a piece of paper, or even memorize it if youโre so inclined (though those methods are prone to errors).
But one safer option is to go to a site like bitaddress.org, which is a client-side application to create a public/private key pair.
This is important, because once you load the page you can actually disconnect your computer from the Internet entirely, ensuring that no one is spying or sniffing on your activity.
(There are other steps you can take to be even more secure, like setting up a stand-alone virtual machine solely for creating a wallet– but weโll save those for another time.)
The page will go through a process to generate a key, and when prompted, you can choose the โpaper walletโ option.
At that point you can simply print your paper wallet, put it in your home safe (or wherever you store your other valuables), and never give it to anyone.
Once youโve secured your paper wallet in your safe, the bulk of your crypto wealth is offline and safe from computer glitches or hacks.
And the next time some poor soul loses his hard driveโฆ or another major Bitcoin exchange gets hackedโฆ you can rest assured that your crypto wealth is safe.
